@cloud-copilot/iam-data 0.19.202605011 → 0.19.202605051

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/data/actions/application-signals-mcp.json +32 -0
  2. package/data/actions/cloudwatch.json +58 -1
  3. package/data/actions/redshift.json +11 -4
  4. package/data/actions/securityhub.json +62 -0
  5. package/data/conditionKeys/application-signals-mcp.json +7 -0
  6. package/data/resourceTypes/aidevops.json +1 -1
  7. package/data/resourceTypes/application-signals-mcp.json +9 -0
  8. package/data/resourceTypes/cloudwatch.json +4 -1
  9. package/data/serviceNames.json +1 -0
  10. package/data/services.json +1 -0
  11. package/package.json +2 -2
package/data/actions/application-signals-mcp.json ADDED
@@ -0,0 +1,32 @@
1
+ {
2
+ "callreadonlytool": {
3
+ "name": "CallReadOnlyTool",
4
+ "description": "Grants permission to invoke read-only Application Signals MCP tools (list_monitored_services, get_service_detail, query_service_metrics, list_service_operations, get_slo, list_slos, search_transaction_spans, query_sampled_traces, list_slis, get_enablement_guide, list_change_events, list_group_services, audit_group_health, get_group_dependencies, get_group_changes, list_grouping_attribute_definitions, audit_services, audit_slos, audit_service_operations, analyze_canary_failures)",
5
+ "accessLevel": "Read",
6
+ "resourceTypes": [
7
+ {
8
+ "name": "mcp-server",
9
+ "required": true,
10
+ "conditionKeys": [],
11
+ "dependentActions": []
12
+ }
13
+ ],
14
+ "conditionKeys": [],
15
+ "dependentActions": []
16
+ },
17
+ "invokemcp": {
18
+ "name": "InvokeMcp",
19
+ "description": "Grants permission to connect to and interact with the Application Signals MCP server (initialize, list tools, list resources, list prompts)",
20
+ "accessLevel": "Read",
21
+ "resourceTypes": [
22
+ {
23
+ "name": "mcp-server",
24
+ "required": true,
25
+ "conditionKeys": [],
26
+ "dependentActions": []
27
+ }
28
+ ],
29
+ "conditionKeys": [],
30
+ "dependentActions": []
31
+ }
32
+ }
package/data/actions/cloudwatch.json CHANGED
@@ -22,6 +22,15 @@
22
22
  "conditionKeys": [],
23
23
  "dependentActions": []
24
24
  },
25
+ "callwithbearertoken": {
26
+ "name": "CallWithBearerToken",
27
+ "isPermissionOnly": true,
28
+ "description": "Grants permission to make API calls to CloudWatch using bearer token authentication",
29
+ "accessLevel": "Write",
30
+ "resourceTypes": [],
31
+ "conditionKeys": [],
32
+ "dependentActions": []
33
+ },
25
34
  "createservicelevelobjective": {
26
35
  "name": "CreateServiceLevelObjective",
27
36
  "description": "Grants permission to create a service level objective",
@@ -527,6 +536,12 @@
527
536
  "conditionKeys": [],
528
537
  "dependentActions": []
529
538
  },
539
+ {
540
+ "name": "dashboard",
541
+ "required": false,
542
+ "conditionKeys": [],
543
+ "dependentActions": []
544
+ },
530
545
  {
531
546
  "name": "insight-rule",
532
547
  "required": false,
@@ -561,6 +576,15 @@
561
576
  }
562
577
  ]
563
578
  },
579
+ {
580
+ "name": "CloudWatch-Dashboard",
581
+ "resourceTypes": [
582
+ {
583
+ "name": "dashboard",
584
+ "required": true
585
+ }
586
+ ]
587
+ },
564
588
  {
565
589
  "name": "CloudWatch-InsightRule",
566
590
  "resourceTypes": [
@@ -644,7 +668,10 @@
644
668
  "dependentActions": []
645
669
  }
646
670
  ],
647
- "conditionKeys": [],
671
+ "conditionKeys": [
672
+ "aws:RequestTag/${TagKey}",
673
+ "aws:TagKeys"
674
+ ],
648
675
  "dependentActions": []
649
676
  },
650
677
  "putinsightrule": {
@@ -805,6 +832,12 @@
805
832
  "conditionKeys": [],
806
833
  "dependentActions": []
807
834
  },
835
+ {
836
+ "name": "dashboard",
837
+ "required": false,
838
+ "conditionKeys": [],
839
+ "dependentActions": []
840
+ },
808
841
  {
809
842
  "name": "insight-rule",
810
843
  "required": false,
@@ -842,6 +875,15 @@
842
875
  }
843
876
  ]
844
877
  },
878
+ {
879
+ "name": "CloudWatch-Dashboard",
880
+ "resourceTypes": [
881
+ {
882
+ "name": "dashboard",
883
+ "required": true
884
+ }
885
+ ]
886
+ },
845
887
  {
846
888
  "name": "CloudWatch-InsightRule",
847
889
  "resourceTypes": [
@@ -879,6 +921,12 @@
879
921
  "conditionKeys": [],
880
922
  "dependentActions": []
881
923
  },
924
+ {
925
+ "name": "dashboard",
926
+ "required": false,
927
+ "conditionKeys": [],
928
+ "dependentActions": []
929
+ },
882
930
  {
883
931
  "name": "insight-rule",
884
932
  "required": false,
@@ -915,6 +963,15 @@
915
963
  }
916
964
  ]
917
965
  },
966
+ {
967
+ "name": "CloudWatch-Dashboard",
968
+ "resourceTypes": [
969
+ {
970
+ "name": "dashboard",
971
+ "required": true
972
+ }
973
+ ]
974
+ },
918
975
  {
919
976
  "name": "CloudWatch-InsightRule",
920
977
  "resourceTypes": [
package/data/actions/redshift.json CHANGED
@@ -83,11 +83,11 @@
83
83
  "authorizeinboundintegration": {
84
84
  "name": "AuthorizeInboundIntegration",
85
85
  "isPermissionOnly": true,
86
- "description": "Grants permission to Amazon Redshift to continuously validate that the target data warehouse can receive data replicated from the source ARN",
86
+ "description": "Grants permission to Amazon Redshift to continuously validate that the target namespace can receive data replicated from the source ARN",
87
87
  "accessLevel": "Write",
88
88
  "resourceTypes": [
89
89
  {
90
- "name": "integration",
90
+ "name": "namespace",
91
91
  "required": true,
92
92
  "conditionKeys": [],
93
93
  "dependentActions": []
@@ -402,9 +402,16 @@
402
402
  "createinboundintegration": {
403
403
  "name": "CreateInboundIntegration",
404
404
  "isPermissionOnly": true,
405
- "description": "Grants permission to the source principal to create an inbound integration for data to be replicated from the source into the target data warehouse",
405
+ "description": "Grants permission to the source principal to create an integration into the namespace of target data warehouse",
406
406
  "accessLevel": "Write",
407
- "resourceTypes": [],
407
+ "resourceTypes": [
408
+ {
409
+ "name": "namespace",
410
+ "required": true,
411
+ "conditionKeys": [],
412
+ "dependentActions": []
413
+ }
414
+ ],
408
415
  "conditionKeys": [],
409
416
  "dependentActions": []
410
417
  },
package/data/actions/securityhub.json CHANGED
@@ -779,6 +779,21 @@
779
779
  ],
780
780
  "dependentActions": []
781
781
  },
782
+ "generaterecommendedpolicyv2": {
783
+ "name": "GenerateRecommendedPolicyV2",
784
+ "description": "Grants permission to generate policy recommendations for an OCSF finding",
785
+ "accessLevel": "Write",
786
+ "resourceTypes": [
787
+ {
788
+ "name": "hubv2",
789
+ "required": true,
790
+ "conditionKeys": [],
791
+ "dependentActions": []
792
+ }
793
+ ],
794
+ "conditionKeys": [],
795
+ "dependentActions": []
796
+ },
782
797
  "getadhocinsightresults": {
783
798
  "name": "GetAdhocInsightResults",
784
799
  "isPermissionOnly": true,
@@ -1104,6 +1119,21 @@
1104
1119
  "conditionKeys": [],
1105
1120
  "dependentActions": []
1106
1121
  },
1122
+ "getrecommendedpolicyv2": {
1123
+ "name": "GetRecommendedPolicyV2",
1124
+ "description": "Grants permission to retrieve policy recommendations for an OCSF finding",
1125
+ "accessLevel": "Read",
1126
+ "resourceTypes": [
1127
+ {
1128
+ "name": "hubv2",
1129
+ "required": true,
1130
+ "conditionKeys": [],
1131
+ "dependentActions": []
1132
+ }
1133
+ ],
1134
+ "conditionKeys": [],
1135
+ "dependentActions": []
1136
+ },
1107
1137
  "getresourcesstatisticsv2": {
1108
1138
  "name": "GetResourcesStatisticsV2",
1109
1139
  "description": "Grants permission to retrieve aggregate statistics about resources",
@@ -1175,6 +1205,22 @@
1175
1205
  "conditionKeys": [],
1176
1206
  "dependentActions": []
1177
1207
  },
1208
+ "getusagev2": {
1209
+ "name": "GetUsageV2",
1210
+ "isPermissionOnly": true,
1211
+ "description": "Grants permission to retrieve information about Security Hub usage for an account",
1212
+ "accessLevel": "Read",
1213
+ "resourceTypes": [
1214
+ {
1215
+ "name": "hubv2",
1216
+ "required": true,
1217
+ "conditionKeys": [],
1218
+ "dependentActions": []
1219
+ }
1220
+ ],
1221
+ "conditionKeys": [],
1222
+ "dependentActions": []
1223
+ },
1178
1224
  "invitemembers": {
1179
1225
  "name": "InviteMembers",
1180
1226
  "description": "Grants permission to invite other AWS accounts to become Security Hub member accounts",
@@ -1190,6 +1236,22 @@
1190
1236
  "conditionKeys": [],
1191
1237
  "dependentActions": []
1192
1238
  },
1239
+ "listaccountusagev2": {
1240
+ "name": "ListAccountUsageV2",
1241
+ "isPermissionOnly": true,
1242
+ "description": "Grants permission to retrieve a list of Security Hub usage for accounts in an organization",
1243
+ "accessLevel": "List",
1244
+ "resourceTypes": [
1245
+ {
1246
+ "name": "hubv2",
1247
+ "required": true,
1248
+ "conditionKeys": [],
1249
+ "dependentActions": []
1250
+ }
1251
+ ],
1252
+ "conditionKeys": [],
1253
+ "dependentActions": []
1254
+ },
1193
1255
  "listaggregatorsv2": {
1194
1256
  "name": "ListAggregatorsV2",
1195
1257
  "description": "Grants permission to retrieve a list of aggregatorsV2, which configures data aggregation across Regions",
package/data/conditionKeys/application-signals-mcp.json ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "aws:resourcetag/${tagkey}": {
3
+ "key": "aws:ResourceTag/${TagKey}",
4
+ "description": "Filters access by tag key-value pairs attached to the resource",
5
+ "type": "String"
6
+ }
7
+ }
package/data/resourceTypes/aidevops.json CHANGED
@@ -8,7 +8,7 @@
8
8
  },
9
9
  "associations": {
10
10
  "key": "associations",
11
- "arn": "arn:${Partition}:aidevops:${Region}:${Account}:agentspace/${AgentSpaceId}/associations/${AssociationId}"
11
+ "arn": "arn:${Partition}:aidevops:${Region}:${Account}:agentspace/${AgentSpaceId}/association/${AssociationId}"
12
12
  },
13
13
  "private-connection": {
14
14
  "key": "private-connection",
package/data/resourceTypes/application-signals-mcp.json ADDED
@@ -0,0 +1,9 @@
1
+ {
2
+ "mcp-server": {
3
+ "key": "mcp-server",
4
+ "arn": "arn:${Partition}:application-signals-mcp:${Region}:${Account}:mcp-server/*",
5
+ "conditionKeys": [
6
+ "aws:ResourceTag/${TagKey}"
7
+ ]
8
+ }
9
+ }
package/data/resourceTypes/cloudwatch.json CHANGED
@@ -15,7 +15,10 @@
15
15
  },
16
16
  "dashboard": {
17
17
  "key": "dashboard",
18
- "arn": "arn:${Partition}:cloudwatch::${Account}:dashboard/${DashboardName}"
18
+ "arn": "arn:${Partition}:cloudwatch::${Account}:dashboard/${DashboardName}",
19
+ "conditionKeys": [
20
+ "aws:ResourceTag/${TagKey}"
21
+ ]
19
22
  },
20
23
  "insight-rule": {
21
24
  "key": "insight-rule",
package/data/serviceNames.json CHANGED
@@ -24,6 +24,7 @@
24
24
  "appflow": "Amazon AppFlow",
25
25
  "application-autoscaling": "AWS Application Auto Scaling",
26
26
  "application-signals": "Amazon CloudWatch Application Signals",
27
+ "application-signals-mcp": "Amazon CloudWatch Application Signals MCP Server",
27
28
  "application-transformation": "AWS Application Transformation Service",
28
29
  "applicationinsights": "Amazon CloudWatch Application Insights",
29
30
  "appmesh": "AWS App Mesh",
package/data/services.json CHANGED
@@ -24,6 +24,7 @@
24
24
  "appflow",
25
25
  "application-autoscaling",
26
26
  "application-signals",
27
+ "application-signals-mcp",
27
28
  "application-transformation",
28
29
  "applicationinsights",
29
30
  "appmesh",
package/package.json CHANGED
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "@cloud-copilot/iam-data",
3
- "version": "0.19.202605011",
3
+ "version": "0.19.202605051",
4
4
  "description": "AWS IAM Data",
5
5
  "repository": {
6
6
  "type": "git",
7
7
  "url": "git+https://github.com/cloud-copilot/iam-data.git"
8
8
  },
9
- "updatedAt": "2026-05-01T05:50:49.457Z",
9
+ "updatedAt": "2026-05-05T05:32:53.542Z",
10
10
  "exports": {
11
11
  ".": {
12
12
  "import": "./dist/esm/index.js",